From owner-freebsd-jail@FreeBSD.ORG Sun Nov 11 12:30:32 2012 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 422C543A; Sun, 11 Nov 2012 12:30:32 +0000 (UTC) (envelope-from utisoft@gmail.com) Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id 56FF18FC0A; Sun, 11 Nov 2012 12:30:31 +0000 (UTC) Received: by mail-bk0-f54.google.com with SMTP id jm19so1081532bkc.13 for ; Sun, 11 Nov 2012 04:30:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=hT6roMBV3d2CmUVito96hiFaTqUhYHDq4sQNgk2YHPw=; b=GjVC6y1lrLs+bwEh3k692tGuOsQSZYcelHpKwlvU7DsaYWvP1MGhfeG0zGQjIGbIA8 LAfAJc6SDnAfYkD9c8DqwZvXyPxGJy6GzJZNNdpphl5uPDaxRtZRR6P/mn4Lm40JrcE+ 4VicyMvkUnUaWmEdeR4oVnmq/zGGO7buXQrWESRqj4b5i0MAHen3EHRmbOxoXzd0KLvV ydpvsQJrcCspJk+bR7a4d1JlPKC4pgKupw7PIyDfRUax2tKUN+FfIn7Bvpl2/vh8qkib hPmWU5sEeE68cwxdNmJBqISbWT+8Gz8/9ZPYx4NjB9moik2EeIWiNJEYyrGEZfpE26JZ TRnw== MIME-Version: 1.0 Received: by 10.204.147.212 with SMTP id m20mr989243bkv.103.1352637030211; Sun, 11 Nov 2012 04:30:30 -0800 (PST) Received: by 10.204.50.197 with HTTP; Sun, 11 Nov 2012 04:30:30 -0800 (PST) In-Reply-To: References: Date: Sun, 11 Nov 2012 12:30:30 +0000 Message-ID: Subject: Re: jail: unknown parameter: ip6.addr From: Chris Rees To: jail@freebsd.org, "freebsd-rc@freebsd.org" Content-Type: text/plain; charset=ISO-8859-1 Cc: Eitan Adler X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Nov 2012 12:30:32 -0000 On 10/11/2012, Chris Rees wrote: > [adding rc@, please keep me CCd as I'm not in jail@] > > On Thu, 2012-11-08 at 02:27 +0100, Mateusz Guzik wrote: >> On Wed, Nov 07, 2012 at 03:39:26PM -0500, Mike Jakubik wrote: >> > Hello, >> > >> > I just updated a server to latest stable and my jails no longer start, >> > troubleshooting the startup script shows us that the parameter ip6.addr >> > is unknown, this system is compiled without INET6. >> [..] >> > + tail +2 /tmp/jail.PJ5ji3QH/jail.8101 >> > jail: unknown parameter: ip6.addr >> >> Try this (lightly tested): >> http://people.freebsd.org/~mjg/patches/rc-jail-ip-arg.diff >> >> Basically the idea is to pass ip4.addr and ip6.addr only when respective >> addresses are specified in configuration. > > > Since we've had confirmation that the patch works, a much faster way > is to use sh's variable substitution magic, which also means a much > smaller change: > > - ip4.addr=\"${_addrl}\" ip6.addr=\"${_addr6l}\" > ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \ > + ${_addrl:+ip4.addr=\"${_addrl}\"} > ${_addr6l:+ip6.addr=\"${_addr6l}\"} ${_parameters} > command=${_exec_start} > ${_tmp_jail} 2>&1 \ > > I'll get a patch together later > Patch as promised-- please would you test and confirm? http://www.bayofrum.net/~crees/patches/rc-jail-ip-arg-shvars.diff Chris From owner-freebsd-jail@FreeBSD.ORG Mon Nov 12 11:06:46 2012 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0BE6CA0C for ; Mon, 12 Nov 2012 11:06:46 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id E39F98FC17 for ; Mon, 12 Nov 2012 11:06:45 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qACB6jYf000389 for ; Mon, 12 Nov 2012 11:06:45 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qACB6jxP000387 for freebsd-jail@FreeBSD.org; Mon, 12 Nov 2012 11:06:45 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 12 Nov 2012 11:06:45 GMT Message-Id: <201211121106.qACB6jxP000387@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 11:06:46 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o bin/173469 jail [jail] regression: security.jail.sysvipc_allowed=1 no o kern/169751 jail [jail] reading routing information does not work in ja o bin/167911 jail new jail(8) problem with removal, ifconfg -alias and k o kern/159918 jail [jail] inter-jail communication failure o kern/156111 jail [jail] procstat -b not supported in jail o misc/155765 jail [patch] `buildworld' does not honors WITHOUT_JAIL o conf/154246 jail [jail] [patch] Bad symlink created if devfs mount poin o conf/149050 jail [jail] rcorder ``nojail'' too coarse for Jail+VNET s conf/142972 jail [jail] [patch] Support JAILv2 and vnet in rc.d/jail o conf/141317 jail [patch] uncorrect jail stop in /etc/rc.d/jail o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 14 problems total. From owner-freebsd-jail@FreeBSD.ORG Mon Nov 12 21:49:57 2012 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1262F3C7; Mon, 12 Nov 2012 21:49:57 +0000 (UTC) (envelope-from mike.jakubik@intertainservices.com) Received: from mail.intertainservices.com (mail.intertainservices.com [69.77.177.114]) by mx1.freebsd.org (Postfix) with ESMTP id 792208FC13; Mon, 12 Nov 2012 21:49:56 +0000 (UTC) Received: from [172.16.10.200] (unknown [172.16.10.200]) by mail.intertainservices.com (Postfix) with ESMTPSA id B6D2D56465; Mon, 12 Nov 2012 16:49:47 -0500 (EST) Message-ID: <1352756987.7967.10.camel@mjakubik.localdomain> Subject: Re: jail: unknown parameter: ip6.addr From: Mike Jakubik To: Chris Rees Date: Mon, 12 Nov 2012 16:49:47 -0500 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.4.4 (3.4.4-2.fc17) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-intertainservices-MailScanner-Information: Please contact the ISP for more information X-intertainservices-MailScanner-ID: B6D2D56465.AF9B1 X-intertainservices-MailScanner: Found to be clean X-intertainservices-MailScanner-From: mike.jakubik@intertainservices.com X-Spam-Status: No Cc: jail@freebsd.org, "freebsd-rc@freebsd.org" , Eitan Adler X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 21:49:57 -0000 On Sun, 2012-11-11 at 12:30 +0000, Chris Rees wrote: > > Patch as promised-- please would you test and confirm? > Chris, This patch also works for me, i am able to stop and start jails. Thanks. From owner-freebsd-jail@FreeBSD.ORG Mon Nov 12 23:13:26 2012 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EF429C96 for ; Mon, 12 Nov 2012 23:13:26 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id 60CA58FC12 for ; Mon, 12 Nov 2012 23:13:25 +0000 (UTC) Received: by mail-la0-f54.google.com with SMTP id j13so61136lah.13 for ; Mon, 12 Nov 2012 15:13:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=Htd0tzct7vqkPv4+8tU4HY/F4XRjMy0vJue4wu2QCl4=; b=EKX7gzqK1fXiAlVckI3R2Cp4silsdabRBLtS/ax6jDUMJ905ZLTWE/uD5tfH8v0mi5 hLk0c1XBwIhqTJSrlCvWvTIoDP85x8CPbwM0MTVdBSFSfgyjjYfAw78IRatD1VJCQ+kB GmhcZ0ciJDGyA2bFQyayspuQ953vTLOLLzaTs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :x-gm-message-state; bh=Htd0tzct7vqkPv4+8tU4HY/F4XRjMy0vJue4wu2QCl4=; b=fs0i/gOVNlAhia9VaCDtXX8I0X5Qxn7okBIjf63HapAtOgxz4NrVFiMPcxYvVYfQ3B /MBKD9abwWdODBpV0P3UpspXFHycf3gCqStkthiaJvbIlPrGZj8aJJlUIOCXUvAYwja5 me6F7EKd0HLT+9Pb6DelKn1YqASmcdFfylf+lOwBIISrl/N3Mu1X0z+JtqG1yXr8M55I RLkR4qZXa9BgJDkxIggj0U/eTiWwZ5ks6Elw3LdsRc2LkuNQM2OgXd4cXchDGVuIUlWL Ipu6tiQUVoMrYsmfnVZ7cVFlo1rk9RTJRfiEz8hA/AD7YDJrWEpXnwA8LvlU6NhxsQQt l7Nw== Received: by 10.112.37.7 with SMTP id u7mr8527255lbj.30.1352762004783; Mon, 12 Nov 2012 15:13:24 -0800 (PST) MIME-Version: 1.0 Sender: lists@eitanadler.com Received: by 10.112.25.166 with HTTP; Mon, 12 Nov 2012 15:12:54 -0800 (PST) In-Reply-To: References: From: Eitan Adler Date: Mon, 12 Nov 2012 18:12:54 -0500 X-Google-Sender-Auth: f39-jfzp3fbvs9lUflY7gnMlEJQ Message-ID: Subject: Re: jail: unknown parameter: ip6.addr To: Chris Rees Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQk9EOvJCVFBdlpIc90SEahCz+yCfO85h2NTGzVuPEn8cx+sUWxhgSTOe1w0MqZ2pNG0ls2v Cc: jail@freebsd.org, "freebsd-rc@freebsd.org" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Nov 2012 23:13:27 -0000 On 11 November 2012 07:30, Chris Rees wrote: > On 10/11/2012, Chris Rees wrote: >> [adding rc@, please keep me CCd as I'm not in jail@] >> >> On Thu, 2012-11-08 at 02:27 +0100, Mateusz Guzik wrote: >>> On Wed, Nov 07, 2012 at 03:39:26PM -0500, Mike Jakubik wrote: >>> > Hello, >>> > >>> > I just updated a server to latest stable and my jails no longer start, >>> > troubleshooting the startup script shows us that the parameter ip6.addr >>> > is unknown, this system is compiled without INET6. >>> [..] >>> > + tail +2 /tmp/jail.PJ5ji3QH/jail.8101 >>> > jail: unknown parameter: ip6.addr >>> >>> Try this (lightly tested): >>> http://people.freebsd.org/~mjg/patches/rc-jail-ip-arg.diff >>> >>> Basically the idea is to pass ip4.addr and ip6.addr only when respective >>> addresses are specified in configuration. >> >> >> Since we've had confirmation that the patch works, a much faster way >> is to use sh's variable substitution magic, which also means a much >> smaller change: >> >> - ip4.addr=\"${_addrl}\" ip6.addr=\"${_addr6l}\" >> ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \ >> + ${_addrl:+ip4.addr=\"${_addrl}\"} >> ${_addr6l:+ip6.addr=\"${_addr6l}\"} ${_parameters} >> command=${_exec_start} > ${_tmp_jail} 2>&1 \ >> >> I'll get a patch together later >> > > Patch as promised-- please would you test and confirm? > > http://www.bayofrum.net/~crees/patches/rc-jail-ip-arg-shvars.diff ack -- Eitan Adler Source, Ports, Doc committer Bugmeister, Ports Security teams From owner-freebsd-jail@FreeBSD.ORG Thu Nov 15 07:07:16 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0FC20807 for ; Thu, 15 Nov 2012 07:07:16 +0000 (UTC) (envelope-from ykirill@yahoo.com) Received: from nm37-vm2.bullet.mail.ne1.yahoo.com (nm37-vm2.bullet.mail.ne1.yahoo.com [98.138.229.130]) by mx1.freebsd.org (Postfix) with ESMTP id 9FB978FC0C for ; Thu, 15 Nov 2012 07:07:15 +0000 (UTC) Received: from [98.138.90.54] by nm37.bullet.mail.ne1.yahoo.com with NNFMP; 15 Nov 2012 07:07:08 -0000 Received: from [98.138.88.232] by tm7.bullet.mail.ne1.yahoo.com with NNFMP; 15 Nov 2012 07:07:08 -0000 Received: from [127.0.0.1] by omp1032.mail.ne1.yahoo.com with NNFMP; 15 Nov 2012 07:07:08 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 917096.13617.bm@omp1032.mail.ne1.yahoo.com Received: (qmail 47941 invoked by uid 60001); 15 Nov 2012 07:07:08 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1352963228; bh=0c7JGkZoUQiXlszNIG4qP+pSTZyi1Owyh/yFYoIorXw=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type; b=cUhWga72Ug+1zpjYJDQvbj4B8rlIhnYvBoNENB2Ua4+pr8xMzsJiOL+wg1+9oW2CQ8VA/+6Jq5drwLqapivM7eY6hQyDg161hdzuUxCWNDxNWbS4YEmGmx/EgJxVFRbWEG2iFeEcQQxiVF2dGD8SXLW0n/Nxksh3a5s3jfaY+QI= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type; b=chRvX/VwW43iTPD09O9aDwF4qqkUZeV8l0iM7HY2eT9S65VBz7IEdONnyYJZKW06RdxrYO4nD4X3uFrzbO2Ktc6RYE+5vS8bV8M6fhreQiO74cpId/soUZ6gN4kdQD8pzaTDHK1CgWb9iQRSxJEOTbZCcaizVzqtaMPLmhcMo/8=; X-YMail-OSG: nLhgsuUVM1lAU27MwGbVMcDWpIwKJha3TZaqc1_IlGdVqlO 8nymNRdGagEBEi7W6.IVeoHw0FDTKdo59qnQYJnHgYDDvtj7eQc2wURpEb8l JD3DcI3.cQ8LFDn4whVD8lNjsBfmdM6T1DQEhCkKdzc4UHwgWld6qnakUJB6 i5U.qNZYpOfH2CzSxabuXEsrkGSTFmIaKjioop8S9iNUV34qIKCmw_4FH1IV hfJ_KAgcTkNtmj3IBiiUAmn.nctxHRdlQYLSiBGAQhC4OT0VVtH2WFycVeFr fAY0rLjaqzpgs25LlwOqLYpfwQ.6ttz8M9nY_29bKP2SuFfhgaCM.DOb49bv qpTBi9k24wOKFtwfX7pUB_tHieMQ8G5AhQBuY23skk7u4MfiVurSJTAlGA8t DAlKk_0E_j_LL3kPTVofpfmwZXo8BeqS.EP2VKr5yDTZZycYmCJwGmsNPEWd sfpUW_IqqxYwzZVEzxsxJA9eZ_GUqRQYa.iJnyFeL6kgEaVjZwLa3amZKKNh J6X64R0fWRdnrrkG6V3UZTELfQp5NSMBpAEm4W2jVv1SAph8ViB8Mzq1qjZg _zNq3Xlx9eB7J3YKMRFVRyrSGVYK.ZFQDrN7zbKbLQWE8Jm.M8OrPkrECC3u OCAtLucXinkc6INcsRKi8H62LZHtPvfVB9gH_R.y0eY.R2ze6rWen_JEUToW 2WTK4HimuiYfbT.FmOF3bL7QAAWYCNwOoc2riLKuSKynFg5lGz2SGmFMlwt8 - Received: from [212.74.229.232] by web121301.mail.ne1.yahoo.com via HTTP; Wed, 14 Nov 2012 23:07:08 PST X-Rocket-MIMEInfo: 001.001, R29vZCBEYXkhCgpJIGZhY2VkIHRoZSBzYW1lIHByb2JsZW0gd2hlbiB1cGdyYWRlZCBmcm9tIDguMiB0byA5LjEgdHdvIGRheXMgYWdvLiBUaGUgcGF0Y2ggd29ya3MgZmluZSBmb3IgbWUuIEkgaGF2ZSBub29wdGlvbnMgSU5FVDYgaW4gbXkga2VybmVsLgoKUmVnYXJkcywKS2lyaWxsCgpPbiAxMSBOb3ZlbWJlciAyMDEyIDA3OjMwLCBDaHJpcyBSZWVzIDx1dGlzb2Z0IGF0IGdtYWlsLmNvbT4gd3JvdGU6Cj5PbiAxMC8xMS8yMDEyLCBDaHJpcyBSZWVzIDx1dGlzb2Z0IGF0IGdtYWlsLmNvbT4gd3JvdGU6ID4BMAEBAQE- X-Mailer: YahooMailWebService/0.8.123.460 Message-ID: <1352963228.47523.YahooMailNeo@web121301.mail.ne1.yahoo.com> Date: Wed, 14 Nov 2012 23:07:08 -0800 (PST) From: Kirill Yelizarov Subject: jail: unknown parameter: ip6.addr To: "eadler@freebsd.org" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: "freebsd-jail@freebsd.org" , "utisoft@gmail.com" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Kirill Yelizarov List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 07:07:16 -0000 Good Day! I faced the same problem when upgraded from 8.2 to 9.1 two days ago. The patch works fine for me. I have nooptions INET6 in my kernel. Regards, Kirill On 11 November 2012 07:30, Chris Rees wrote: >On 10/11/2012, Chris Rees wrote: >>[adding rc@, please keep me CCd as I'm not in jail@] >>>>On Thu, 2012-11-08 at 02:27 +0100, Mateusz Guzik wrote: >>>On Wed, Nov 07, 2012 at 03:39:26PM -0500, Mike Jakubik wrote: >>>> Hello, >>>> >>>> I just updated a server to latest stable and my jails no longer start, >>>> troubleshooting the startup script shows us that the parameter ip6.addr >>>> is unknown, this system is compiled without INET6. >>>[..] >>>> + tail +2 /tmp/jail.PJ5ji3QH/jail.8101 >>>> jail: unknown parameter: ip6.addr >>>>>>Try this (lightly tested): >>>http://people.freebsd.org/~mjg/patches/rc-jail-ip-arg.diff >>>>>>Basically the idea is to pass ip4.addr and ip6.addr only when respective >>>addresses are specified in configuration. >>>>>>Since we've had confirmation that the patch works, a much faster way >>is to use sh's variable substitution magic, which also means a much >>smaller change: >>>>- ip4.addr=\"${_addrl}\" ip6.addr=\"${_addr6l}\" >>${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \ >>+ ${_addrl:+ip4.addr=\"${_addrl}\"} >>${_addr6l:+ip6.addr=\"${_addr6l}\"} ${_parameters} >>command=${_exec_start} > ${_tmp_jail} 2>&1 \ >>>>I'll get a patch together later >>>>Patch as promised-- please would you test and confirm? >>http://www.bayofrum.net/~crees/patches/rc-jail-ip-arg-shvars.diff ack From owner-freebsd-jail@FreeBSD.ORG Thu Nov 15 15:58:51 2012 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 674B7A54 for ; Thu, 15 Nov 2012 15:58:51 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from m2.gritton.org (gritton.org [199.192.164.235]) by mx1.freebsd.org (Postfix) with ESMTP id 2F8AC8FC16 for ; Thu, 15 Nov 2012 15:58:50 +0000 (UTC) Received: from guppy.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24]) (authenticated bits=0) by m2.gritton.org (8.14.5/8.14.5) with ESMTP id qAFFsCWR010386; Thu, 15 Nov 2012 08:54:12 -0700 (MST) (envelope-from jamie@FreeBSD.org) Message-ID: <50A51022.5000801@FreeBSD.org> Date: Thu, 15 Nov 2012 08:54:10 -0700 From: Jamie Gritton User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0) Gecko/20120126 Thunderbird/9.0 MIME-Version: 1.0 To: freebsd-jail@FreeBSD.org Subject: Recent jail problems [was: ICMP RAW socket error] References: <1352457514352-5759501.post@n5.nabble.com> In-Reply-To: <1352457514352-5759501.post@n5.nabble.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Beeblebrox X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Nov 2012 15:58:51 -0000 On 11/09/12 03:38, Beeblebrox wrote: > My jail used to work fine but it seems a recent update broke some things. My > kernel/world has INET6 disblad and there are already 2 threads re the error > that setting causes with jails. Now this error - is it a bug or am I missing > something? > > My /etc/sysctl.conf has > security.jail.allow_raw_sockets=1 > I even confirm it separately before starting the jail: > # sysctl security.jail.allow_raw_sockets > > * I start the jail but isc-dhcpd cannot start: unable to create icmp socket: > Operation not permitted > * I cannot ping from the jail: ping: socket: Operation not permitted > * This error also, but inetd starts: inetd[50866]: madvise() failed: > Operation not permitted > > No point in setting up a dhcp debug log, the error is in the network > setting. > /etc/devfs.rules has: add path net unhide, add path 'net/*' unhide > My system is not exposed to the outside so it does not have pf / nat running > on it. It is indeed a bug, same as bin/173469, except with allow_raw_sockets instead of sysvipc_allowed. With the recent change to rc.d/jail, the jail permission sysctls are no longer used in starting up jails.R You can get past it for now by setting jail_xxx_parameters="allow.raw_sockets" in your rc.conf. But that's a hack fix, and we need something better before any of this goes out to release. Here's the problem: I had planned to deprecate those global sysctls in favor of per-jail parameters, and only "old style" usage of the jail command paid attention to them so existing setups would work. But I didn't explicitly say that anywhere, leaving that as part of the new config file based setup. But the recent patch to allow arbitrary parameters in rc.d/jail necessitated a switch to the new jail command line. I think the jail_xxx_parameters patch needs to go, or least rc.d/jail needs to be a bit more complex, and run the old command line when a jail doesn't have any "_parameters". That way the old semantics will be preserved for existing users. - Jamie From owner-freebsd-jail@FreeBSD.ORG Sat Nov 17 13:12:44 2012 Return-Path: Delivered-To: freebsd-jail@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B329EC36; Sat, 17 Nov 2012 13:12:44 +0000 (UTC) (envelope-from ed@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 7F85A8FC13; Sat, 17 Nov 2012 13:12:44 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qAHDChLB093270; Sat, 17 Nov 2012 13:12:43 GMT (envelope-from ed@freefall.freebsd.org) Received: (from ed@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qAHDChWT093266; Sat, 17 Nov 2012 14:12:43 +0100 (CET) (envelope-from ed) Date: Sat, 17 Nov 2012 14:12:43 +0100 (CET) Message-Id: <201211171312.qAHDChWT093266@freefall.freebsd.org> To: rlucia@iscanet.com, ed@FreeBSD.org, freebsd-jail@FreeBSD.org From: ed@FreeBSD.org Subject: Re: bin/32828: [jail] w(1) incorrectly handles stale utmp slots with jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Nov 2012 13:12:45 -0000 Synopsis: [jail] w(1) incorrectly handles stale utmp slots with jail State-Changed-From-To: open->closed State-Changed-By: ed State-Changed-When: Sat Nov 17 14:12:43 CET 2012 State-Changed-Why: Closing, as this is no longer an issue on FreeBSD -CURRENT. http://www.freebsd.org/cgi/query-pr.cgi?pr=32828 From owner-freebsd-jail@FreeBSD.ORG Sat Nov 17 14:57:41 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6CA336CF for ; Sat, 17 Nov 2012 14:57:41 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id BF18F8FC14 for ; Sat, 17 Nov 2012 14:57:40 +0000 (UTC) Received: by mail-la0-f54.google.com with SMTP id j13so3461061lah.13 for ; Sat, 17 Nov 2012 06:57:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=KprDGViN1sqeKxzOEKWv6peGSC36X+i8tNL8sekz94o=; b=QFmgG6oFtcke3gdaINAgnzvGB3dWYKlhJu7jV9qrWzI7q/guVw3Na41xnqLfDllZBW dk5DIPicHAj6NOnpq+NhHwYRtwq8j8NjDoyiKqDVHMN4ZfZ47mvIHxEH30u5M4DRf6Am +vrJvRRAk1xSFTCr8wNUxv4ul28n9aQ1tFq1A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=KprDGViN1sqeKxzOEKWv6peGSC36X+i8tNL8sekz94o=; b=S+a3fW3pr8BJ3GswKeBCqIqf2jalyWan0gY0CVTmHl0kMNNh3NluvX/EiizWnhZrKz hHJgxKtxM6kfyRuNGyHrpOQv6PTg96/uwCDRbe60xWZlpZI1c6xqFJ623WFjccGuuRiw J9MOSjc+V6WS6Nc3pEXm0my6BnmMFTJU4dMhr+/fiqh8PUqsdvmh0lfjfmER2fc0cm6e Hp4nLp0Ih4uKmrMhaYU5cvp4jgNWffsPA/osOMxExhCDpHEE9BkBWSRsZKOCO9YzmlsX qd71NUB047S4ZPSwlBj2v+EUdUNfZvPk3DbcURlKRC00t5xGHuF+fMXpMGXsPOSiEEhr Ry1g== Received: by 10.152.106.171 with SMTP id gv11mr7204904lab.26.1353164259420; Sat, 17 Nov 2012 06:57:39 -0800 (PST) MIME-Version: 1.0 Received: by 10.112.25.166 with HTTP; Sat, 17 Nov 2012 06:57:08 -0800 (PST) In-Reply-To: <201211171312.qAHDChWT093266@freefall.freebsd.org> References: <201211171312.qAHDChWT093266@freefall.freebsd.org> From: Eitan Adler Date: Sat, 17 Nov 2012 09:57:08 -0500 Message-ID: Subject: Re: bin/32828: [jail] w(1) incorrectly handles stale utmp slots with jail To: ed@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQmrFSrsc3QFkeg30zrqo9AS9t+4SdH1ghKvolYj8/tELrzKm9DMtVrBf3StSY2hJxMlnxhS Cc: rlucia@iscanet.com, freebsd-jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Nov 2012 14:57:41 -0000 On 17 November 2012 08:12, wrote: > Synopsis: [jail] w(1) incorrectly handles stale utmp slots with jail > > State-Changed-From-To: open->closed > State-Changed-By: ed > State-Changed-When: Sat Nov 17 14:12:43 CET 2012 > State-Changed-Why: > Closing, as this is no longer an issue on FreeBSD -CURRENT. Was the fix MFCed? -- Eitan Adler From owner-freebsd-jail@FreeBSD.ORG Sat Nov 17 16:31:55 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 55A705A8 for ; Sat, 17 Nov 2012 16:31:55 +0000 (UTC) (envelope-from edschouten@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 112838FC0C for ; Sat, 17 Nov 2012 16:31:54 +0000 (UTC) Received: by mail-ob0-f182.google.com with SMTP id 16so4677013obc.13 for ; Sat, 17 Nov 2012 08:31:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=EejD0Qe4P2fOITY6z7eCsWOiKbgyQYmuH2zynmHNQ2M=; b=UR1TgT1W3TXyqHZej0UqHYX3UyITeI0NpI9KFuW261ErulHlCaBUNKC4sAXt9lVb0p Ov3+izLaEkEjsfqwEA9zekDYklL7mq6dSvb6PJtYWGMyrO08Mlec/kEiQXH0V5vvgral UKVXAGyAU/XPJVpWXbBdZM6WP9tvGz0Y7kkKHh+muC4XFqCVozSgcgOTAlKv1GzuJha5 4n61n5BOZMqhcDTsYihupb1hPsY46zOAhPtfzLBBLf+cglKTePolYHjnJ788IdCwOBgT TtPs+q77dNmeXmWKoSXwDuy60STIpSBo3oMNviOGl+OLahb5EhPkBvKGGXiv+xIepf9f kF4A== MIME-Version: 1.0 Received: by 10.60.171.174 with SMTP id av14mr3325241oec.92.1353169914213; Sat, 17 Nov 2012 08:31:54 -0800 (PST) Sender: edschouten@gmail.com Received: by 10.76.151.39 with HTTP; Sat, 17 Nov 2012 08:31:54 -0800 (PST) In-Reply-To: References: <201211171312.qAHDChWT093266@freefall.freebsd.org> Date: Sat, 17 Nov 2012 17:31:54 +0100 X-Google-Sender-Auth: k0HKaV_TZ_BNuDJFMp0-RAKHcnc Message-ID: Subject: Re: bin/32828: [jail] w(1) incorrectly handles stale utmp slots with jail From: Ed Schouten To: Eitan Adler Content-Type: text/plain; charset=UTF-8 Cc: rlucia@iscanet.com, freebsd-jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Nov 2012 16:31:55 -0000 Hello Eitan, 2012/11/17 Eitan Adler : > Was the fix MFCed? Well, yes and no. There are actually three separate changes here: 1. The visibility of pseudo-terminals. On FreeBSD 8 and later, pseudo-terminals are only shown in devfs if they belong to your jail or one of its descendants. 2. If you set cleanvar_enable="YES" your utx.active file will already be discarded on startup, meaning any stale entries won't survive a reboot. 3. r231534 moves the unconditional initialisation of utx.active with a BOOT_TIME entry out of init(8) into an rc script, so you don't need cleanvar_enable="YES". I'm not planning on MFCing the latter, as FreeBSD 9's utmpx does not write BOOT_TIME entries in utx.active to begin with, so merging back r231534 is useless. Given the fact that the first two changes already effectively fix this issue, I consider this bug fixed. -- Ed Schouten From owner-freebsd-jail@FreeBSD.ORG Sat Nov 17 17:38:34 2012 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5A436D39 for ; Sat, 17 Nov 2012 17:38:34 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com [209.85.217.182]) by mx1.freebsd.org (Postfix) with ESMTP id C4E9B8FC12 for ; Sat, 17 Nov 2012 17:38:33 +0000 (UTC) Received: by mail-lb0-f182.google.com with SMTP id go10so921025lbb.13 for ; Sat, 17 Nov 2012 09:38:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=1ablzpXLEf3JLW+hrtaFtgaYkQFgo1slyTGUc6763PA=; b=PNaVY+5oSDkIJuj2WyuGFRMBeXJuv/c3EVfs36KJlSHrDOGklv2KwpVhhTNYb2tvT2 Er1WoD4Yc1J6tClmuMQW53tXINUsAuss+HTyVflB3e9YKaFM6oZ4cHfwKSC7g4Xq1MpX lAelkU7TR6+YW0xkUfO28Hc2FCoNKhqdVT+Ic= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=1ablzpXLEf3JLW+hrtaFtgaYkQFgo1slyTGUc6763PA=; b=IftljObCP3SnlE12tNAj5WF3KOct/ij6PS4xspce/3mukP7iFEG88TkGhwaHpBJAgx f4/G8//jDeLZQortj2cuRcsfOSsu1GODx86dwKI6+gtvs7Vxv6y6NAb/WiJdqq73AH+l VJxHZ30sbazwuiK861qvh3mdp3lQ1FrhVUYHFnEfybBelvWZ0LEw/mYBW9q6WMX0YX0p 9gfRRmZpoz1sFmS1mUoWkrmGKVy6/lSmQ0q+2EjL1oKedYyGsyFaoERsgfL/0jFwoIBs gR0jVZS5lir2RKdxg8k8EnIZRhJLwjtJFEe5iXpK8KTR8722GqCjLhrpqbISfSba/0p+ /Trg== Received: by 10.112.47.42 with SMTP id a10mr4232lbn.30.1353173912542; Sat, 17 Nov 2012 09:38:32 -0800 (PST) MIME-Version: 1.0 Received: by 10.112.25.166 with HTTP; Sat, 17 Nov 2012 09:38:01 -0800 (PST) In-Reply-To: References: <201211171312.qAHDChWT093266@freefall.freebsd.org> From: Eitan Adler Date: Sat, 17 Nov 2012 12:38:01 -0500 Message-ID: Subject: Re: bin/32828: [jail] w(1) incorrectly handles stale utmp slots with jail To: Ed Schouten Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQkaceSx4HIN99EL47VUc+3mxtCZ8h4aqOfJ5AYUdV09hV9T7CYa6FYFoYEH/taOLH3+kMs3 Cc: rlucia@iscanet.com, freebsd-jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Nov 2012 17:38:34 -0000 On 17 November 2012 11:31, Ed Schouten wrote: > Hello Eitan, > > 2012/11/17 Eitan Adler : >> Was the fix MFCed? > > Well, yes and no. There are actually three separate changes here: Ack. Thanks! -- Eitan Adler